.github/workflows/image_scan.yml

name: Images scanner

on:
  workflow_dispatch:

jobs:
  images-security-scan:
    name: Images Scanner
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        prj_folder: ["dvna", "vulnado"]

    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Docker Hub
        id: docker-login
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      - name: Build Docker image
        id: build-image
        uses: docker/build-push-action@v6
        with:
          context: "${{ github.workspace }}/vuln_apps/${{ matrix.prj_folder }}"
          push: false
          load: true
          tags: ${{ matrix.prj_folder }}:latest

      - name: Docker Scout CVEs
        uses: docker/scout-action@v1
        with:
          command: cves
          image: local://${{ matrix.prj_folder }}:latest
          sarif-file: ${{ matrix.prj_folder }}-cves.json